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SYSTEM, METHOD. AND APPARATUS FOR SECURELY PROVIDING 
CONTENT VIEWABLE ON A SECURE DEVICE 

5 Cross Reference To Related Applications 

This application claims the benefit of U.S. Provisional Application Serial 
No. 60/455,723, filed March 18, 2003, the benefit of the earlier filing date of which is 
hereby claimed under 35 U.S.C. § 119 (e). 

Field of the Invention 

10 The present invention relates to data security, and more particularly, to a 

system, and method, and apparatus for providing and securely playing secure content. 

Background of the Invention 

Digital Versatile Discs (DVDs) are potentially the fastest growing and 
most rapidly adopted consumer electronics product of today. Interestingly, one of the 

15 main reasons that the DVD format is so innovative and attractive to consumers and the 
entertainment industry is exactly what makes it potentially vulnerable to illicit copying. 
Because DVDs store movies in a digital format that is perfectly reproducible every time 
movies are recorded and played on DVDs, for the first time one can view movies at 
home with crystal clarity and high quality audio. Additionally, the fact that the movies 

20 are stored digitally also means it is possible for movie companies, and others, to make 
virtually an infinite number of essentially perfect copies of DVD movies. 

Such quality and ease of reproduction has made it extremely convenient 
for movie companies, for example, to send out thousands of pristine copies of first 
edition movies to members of the Academy of Motion Picture Arts and Sciences. 

25 These DVDs typically are intended to be viewed only by those individuals who vote for 
Oscars and other industry awards. However, many of the DVDs have fallen into 
unauthorized hands and have become the digital blueprint for bootleggers who have 
copied the DVDs and distributed them both online and in shops abroad. Many such 
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films then show up in pirated DVD form, and the like, shortly after their release into the 
theaters - and sometimes sooner. Since it is preferable to continue to use a high quality 
digital medium, such as DVDs, to distribute motion pictures, providing a relatively high 
level of security to protect the content is desirable. Unfortunately, the illicit copies are 
5 of such high quality that movie companies, and the like often lose millions of dollars as 
a result. In addition, many other content ovmers in the entertainment industry remain 
reluctant to provide content on DVDs until such content protection is available. 
Therefore, it is with respect to these considerations and others that the present invention 
has been made. 

10 Brief Description of the Drawings 

Non-limiting and non-exhaustive embodiments of the present invention 
are described with reference to the following drawings. In the drawings, like reference 
numerals refer to like parts throughout the various figures unless otherwise specified. 

For a better understanding of the present invention, reference will be 
15 made to the following Detailed Description of the Preferred Embodiment, which is to be 
read in association with the accompanying drawings, wherein: 

FIGURE 1 illustrates an exemplary environment in which the present 
invention may be practiced; 

FIGURE 2 illustrates a block diagram of an exemplary apparatus for 
20 enabling the viewing of secure content; 

FIGURE 3 illustrates one embodiment of a content stream for providing 

secure content; 

FIGURE 4 illustrates a flow diagram generally showing one embodiment 
for an end-to-end process of providing and viewing secure content; 
25 FIGURE 5 illustrates a flow diagram generally showing one embodiment 

for a process of generating secure content; and 

FIGURE 6A-6B illustrate a flow diagram generally showing one 
embodiment for a process of viewing secure content, in accordance vsath the present 
invention. 
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Detailed Description of the Preferred Embodiment 

In the following detailed description of exemplary embodiments of the 
invention, reference is made to the accompanied drawings, which form a part hereof, 
and which is shown by way of illustration, specific exemplary embodiments of which 
5 the invention may be practiced. Each embodiment is described in sufficient detail to 
enable those skilled in the art to practice the invention, and it is to be understood that 
other embodiments may be utilized, and other changes may be made, without departing 
from the spirit or scope of the present invention. The following detailed description is, 
therefore, not to be taken in a limiting sense, and the scope of the present invention is 
10 defined only by the appended claims. 

Throughout the specification and claims, the following terms take the 
meanings explicitly associated herein, unless the context clearly dictates otherwise. 

The terms "coupled," and "connected," includes a direct connection 
between the things that are connected, or an indirect connection through one or more 
1 5 either passive or active intermediary devices or components. 

The term "screener," includes media content, and the like, that is to be 
viewed/screened, and otherwise enjoyed by a user, member of an awards organization, 
and the like. The term "screener" may also include a content media, such as a DVD, 
high definition formatted DVD, and the like. 
20 The meaning of "a," "an," and "the" include plural references. The 

meaning of "in" includes "in" and "on." 

Briefly stated, the present invention is directed to a system, apparatus, 
and method for securely providing secure content viewable on a secure player by a 
selected user. In one embodiment, the secure player is configured to receive a computer 
25 readable medium, such as a DVD. However, the invention is not limited to DVDs. For 
example, it is envisioned that the invention may be configured to securely provide and 
view secure content on other mediums, including but not limited to high quality digital 
media, such as High Definition DVDs, and the like. 

30 Illustrative Environment 



FIGURE 1 is a fiinctional block diagram illustrating an exemplary 
operating environment 100 in which the invention may be implemented. Operating 
environment 100 is only one example of a suitable operating environment and is not 
intended to suggest any limitation as to the scope of use or functionality of the present 
5 invention. Thus, other well-known environments and configurations may be employed 
without departing from the scope or spirit of the present invention. 

As shown in the figure, operating environment 100 includes content 
owner 102, processor 104, distributor 106, screener key module(s) 108 (1 through N), 
content media 1 12 (1 through N), and user(s) 1 14 (1 through N). Processor 104 is in 

10 communication with content owner 102 and distributor 106. Distributor 106 is also in 
communication with screener key module(s) 108 (1 through N) and content media 112 
(1 through N). User(s) 114(1 through N) are also in communication with screener key 
module(s) 108 (1 through N) and content media 112(1 through N). 

Content owner 102 includes producers, developers, and owners of media 

1 5 content that can be distributed to user(s) 1 14. Such content, sometimes called screeners, 
includes motion pictures, movies, videos, and the like. However, content owned by 
content owner 102 is not limited to video content only, and may include audio only 
services, without departing from the scope or spirit of the present invention. Thus, 
content is intended to include, but is not limited to, audio, video, still images, text, 

20 graphics, and other forms of content (screeners) directed towards user(s) 114. 

Processor 104 receives content from content owner 102, selectively 
secures at least a portion of that content, and provides the secured content to distributor 
106, as described in more detail below in conjunction with FIGURE 5. Briefly, 
however, processor 104 creates and embeds in a stream of the received content, selected 

25 information, such as a content key for decryption, a content identifier, access 
constraints, rights, entitlements, and the like. In one embodiment, the selected 
information is packaged into at least one key package (not shown), each of which is 
encrypted employing at least one screener key. In another embodiment, each content 
key is encrypted employing at least one screener key. In one embodiment, the content 

30 identifier may be left in the clear. 
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The screener key(s) may be generated using any of a variety of 
encryption/decryption symmetric key mechanisms, including, but not limited to RSA 
algorithms. Data Encryption Standard (DES), International Data Encryption Algorithm 
(IDEA), Skipjack, RC4, Advanced Encryption Standard (AES), and the like. In one 
5 embodiment, the screener key(s) employ a 256-bit AES algorithm for the 

encryption/decryption of the key package. However, screener key(s) are not limited to 
symmetric key mechanisms, and asymmetric key mechanisms may also be employed 
without departing from the scope or spirit of the present invention. 

Processor 104 may obtain the screener key(s) and content key(s) from a 

10 variety of sources, including, but not limited to, content owner 102, a trusted third party, 
and the like. Processor 104 may also generate the screener key(s) and/or content key(s) 
itself. Moreover, the screener keys may reside within a key storage (not shown). Each 
screener key may be indexed in the key storage by a content identifier that is associated 
with particular content. The key storage may fiirther include access constraints, rights, 

15 and the like, associated with a user, content, a targeted secure player, any combination 
of user, content, and targeted secure player, and the like. 

Distributor 106 includes businesses, systems, and the like that obtain 
rights from content owner 1 02 to copy and distribute the secure content. Distributor 
106 may obtain the rights to copy and distribute from one or more content owners. ^ 

20 Distributor 106 may repackage, store, and schedule secure content for subsequent sale, 
distribution, and license to other distributors, user(s) 114, and the like, using content 
media 112. 

Distributor 106 may copy the secure content onto a variety of content 
media 1 12, including, but not limited to a DVD, high definition DVD, Video Compact 
25 Disc (VCD), Super VCD (SVCD), Super Audio CD (SACD), and the like. For 

example, secure content may be copied and distributed on a Dynamic Digital Sound 
(DDS) content media. Moreover, distributor 106 may also copy and distribute secure 
content on a ReadAVrite DVD, CD-Recordable (CD-R), and substantially similar 
content media. Distributor 106 is not limited to copying and distributing secure content 
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on DVD and CD content media technologies, and virtually any other content media 
technology may be employed without departing from the scope of the present invention. 

Distributor 106 may receive one or more screener keys associated with 
the one or more key packages. Distributor 106 may also receive authorization 
5 information from a variety of trusted sources that indicate whether a user has 
authorization to access the secure content. Provided that the user does have 
authorization, distributor 106 may package the received screener key(s) into screener 
key module 108. Distributor 106 may also include in screener key module 108 a 
content identifier associated with the secure content, fiilfiUment rights, access 

10 constraints, attributes associated with a targeted secure player, and the like. For 
example, distributor 106 may include in screener key module 108 attributes that 
indicate that the secure content is not playable within a selected geographic region. 

Distributor 106 may fiirther encrypt the screener key(s), and additional 
information included on screener key module 108, with a public key associated with the 

1 5 targeted secure player. The targeted secure player's public key may be generated 

employing a variety of asymmetric encryption mechanisms, including, but not limited 
to, Diffie-Hellman, RSA, Merkle-Hellman, PGP, X.509, and the like. 

In one embodiment, distributor 106 employs a 2048-bit RSA asymmetric 
(public/private) key associated with the targeted secure player to encrypt the screener 

20 key(s). In another embodiment, the public/private key pair associated with the targeted 
secure player is generated in a Federal Information Processing Standard (FIPS) level 4 
device. However, the present invention is not so limited, and another security level may 
be employed to generate the targeted secure player's public/private key pair. 

In any event, the targeted secure player's public key may be made 

25 available to distributor 106 through a variety of approaches, including a trusted third 
party, a network, email, and the like. Moreover, the targeted secure player's 
private/public keys are bound to the targeted secure player such that they are unique to 
that particular targeted secure player. Moreover, the targeted secure player is 
configured to prevent removal of the targeted secure player's private key. Such action 

30 further binds the targeted secure player's private key to the targeted secure player. 



Distributor 106 may distribute screener key module 108 to user(s) 1 14 
employing a variety of mechanisms, including, but not limited to, a smart card, 
PCMCIA card, a memory stick, over a network, DVD, CD, tape, floppy disc, and 
similar removable mechanisms. Screener key module 108 may also be mailed to user(s) 
5 114. 

User(s) 1 14 include end-users, consumers of content, and the like. 
User(s) 1 14 further include members of an awards organization, and the like, that 
receive content (screeners) for review. User(s) 1 14 may employ various devices to 
enjoy the content, including but not limited to television appliances, mobile device, 

10 PDAs, personal computers, jukeboxes, and the like. User(s) 1 14 may further employ 
the secure player described in more detail below in conjunction with FIGURE 2 to 
securely provide the content to the above devices. 

User(s) 1 14 may request content media 1 12 directly from content 
owner 102, or at any point along a market stream (e.g., from distributor 106). 

15 Moreover, user(s) 1 14 may receive content media 1 12 through multiple content owners 
102, distributors 106, and the like. User(s) 1 14 may further receive screener key 
module(s) 108 from content owner 102, distributor 106, and the like. User(s) 1 14 may 
also receive an identity module, described below in conjunction with FIGURE 2, that 
provides user authentication and authorization for access to the secure content. User(s) 

20 114 may employ screener key module(s) 108, and the identity module, to view the 
secure content on content media 1 12. 

FIGURE 2 illustrates a block diagram of an exemplary apparatus for 
enabling the viewing of secure content. Briefly, secure player 200 is configured to 
receive content media 112 and screener key module 108 of FIGURE 1, and an identity 

25 module, and to enable viewing of the secure content on content media 112. As such, 
secure player 200 may be employed by user(s) 1 14 within, or coupled to a television 
appliance, digital recorder, set-top-box, cellular phone, mobile device, PDA, personal 
computer, jukebox, hybrid Intemet-music-player/home-stereo-component-system, and 
the like. 
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As shown in FIGURE 2, secure player 200 may include many more 
components than those shown; however, those shown are sufficient to disclose an 
illustrative embodiment for practicing the invention. 

As shown in the figure, secure player 200 includes media drive 202, 
5 media player subsystem 204, decryption engine 206, COmpresser/DECompresser 
(CODEC) 208, key store/manager 210, screener key module 108, key loader 214, 
identity module 216, authentication module 218, tamper agent 220, and (optional) 
analog copy protection device 222. Components numbered similarly to those in 
FIGURE 1 operate in a substantially similar manner. 

10 Media player subsystem 204 is in communication with media drive 202 

and decryption engine 206. Decryption engine 206 is also in communication with 
CODEC 208 and key store/manager 210. CODEC 208 is in communication with 
optional anticopy protection device 222. Key store/manager 210 is fiirther in 
communication with key loader 214. Key loader 214 is in communication with screener 

15 key module 108 and authentication module 218. Authentication module 218 is also in 
communication with identity module 216. Tamper agent 220 is in communication with 
decryption engine 206, CODEC 208, key store/manager 210, media player subsystem 
204, authentication module 218, and key loader 214. 

Media drive 202 includes virtually any device and related software that 

20 is configured to receive content media 1 12 of FIGURE 1. Such devices include, but are 
not limited to, a DVD drive, high definition DVD drive. Super Video CD (S VCD) 
drive, VCD drive, Super Audio CD (SACD) drive, and other content media devices. 
For example, media drive 202 may also be Dynamic Digital Sound (DDS) drive. 
Moreover, media drive 202 may also support write capabilities, such as through a 

25 DVD/RW drive, and the like. Media drive 202 and media player subsystem 204 

however, are not limited to DVD, and CD technologies, and virtually any other content 
media technology may be employed without departing from the scope of spirit of the 
present invention. 

Media player subsystem 204 operates in conjunction with media drive 

30 202 to take secure content from the content media supported by media drive 202, and 



provide it to decryption engine 206. Moreover, media player subsystem 204 and media 
drive 202 may include the capabilities to enable content media to be erased, destroyed, 
written over, and the like. For example, media player subsystem 204 may enable the 
erasure, destruction, disablement, and the like, of the secure content on the content 
5 media after a predetermined number of viewings, e.g. a single viewing, indication of 
unauthorized activity, and the like. 

CODEC 208 includes any of a variety of compression/decompression 
mechanisms configured to receive compressed content and decompress it into a format 
capable of being rendered for the user's enjoyment. For example, CODEC 208 may 
10 employ Moving Pictures Experts Group (MPEG), Joint Photographic Experts Group 
(JPEG), wavelets, and other mechanisms for compression and decompression of 
received content. 

Key loader 214 is enabled to receive a request to retrieve a screener key 
from screener key module 108. Key loader 214 may evaluate the request to determine 

15 whether the user has sufficient authorization to retrieve the screener key. Key loader 
214 may request such authorization from authentication module 218. Key loader 214 
may provide authentication module 218 a content identifier, or other information as part 
of its request for authorization. Additionally, key loader 214 may receive a request to 
load one or more screener keys, and other information, onto screener key module 108. 

20 Again, key loader 214 may seek authorization for such action from authentication 
module 218. 

Authentication module 218 is configured to authenticate a user and to 
provide authorized access to screener key module 108. Authentication module 218 may 
receive a request from key loader 214 to access a screener key residing on screener key 
25 module 108. Authentication module 218 may also receive a request to store 

information on screener key module 108. In any event, authentication module 218 
employs identity module 216 to determine the user's identity and associated 
authorization for access to screener key module 108. 

Identity module 216 is enabled to provide the identity of a user, and 
30 entitlements and rights associated with a content identifier, user, and the like. Identity 



module 216 may be deployed using a variety of mechanisms, including, but not limited 
to, biometric, smart card, user name/password, touch-pad code entry, and the like. In 
one embodiment, identity module 216 is configured to enable virtually any user of 
secure player 200 to be authenticated to virtually any secure content. 
5 Key store/manager 210 is configured to store and manage 

encryption/decryption keys, including screener keys, secure player 200's public/private 
keys, associated information, and the like. The associated information may include 
entitlements, rights, and the like, associated with at least one of a screener key, user, 
content, any combination of screener key, user, and content, and the like. Key 

10 store/manager 210 may include a database or flat data file, and the like, configured to 
store and manage the keys, and the associated information in a secure manner. Key 
store/manager 210 may employ content identifiers to index the screener keys and 
associated information. 

Key store/manager 210 typically securely retains the secure player 200's 

1 5 private/public keys until decryption engine 206 requests them for decryption/encryption 
of a screener key. Key store/manager 210, however, is configured to ensure that the 
secure player's private key is not made available beyond use within secure player 200. 

Key store/manager 210 securely stores received screener keys until 
decryption engine 206 requests them for decryption of encrypted content. Key 

20 store/manager 210 may retrieve a screener key from screener key module 108 by 

making a request to key loader 214. Key store/manager 210 may also direct key loader 
214 to deactivate screener key module 108 when a screener key has been retrieved firom 
it. Key store/manager 210 may fiirther direct key loader 214 to erase, or otherwise 
disable, a screener key on screener key module 108, based on an event, such as a pre- 

25 determined number of viewings of the associated secure content, unauthorized activity, 
and the like. 

Key store/manager 210 may also employ secure player 200*s public key 
to encrypt a screener key that is to be loaded onto screener key module 108. 

Decryption engine 206 is configured to receive a stream of content units 
30 from media player subsystem 204. Upon receipt of at least one content unit, decryption 
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engine 206 may make a determination whether the content unit is encrypted. Where a 
content unit is encrypted, decryption engine 206 may extract one or more key packages 
from the content stream. Decryption engine 206 may request a screener key from key 
store/manager 210 to decrypt the key package to, in turn, enable the extraction of one or 
5 more content keys associated with the encrypted content unit. Decryption engine 206 
employs the one or more content keys to decrypt the encrypted content unit. 
Decryption engine 206 may further provide the decrypted content unit to CODEC 208. 

(Optional) anticopy protection device 222 enables additional protections 
of decompressed content by scrambling, dirtying, and otherwise encrypting the 
10 decompressed content prior to providing it to a descrambler device, and the like. As 
such anticopy protection device 222 enables a level of protection of the content after it 
leaves secure player 200. 

Tamper agent 220 is enabled to monitor the components in secure player 
200, to determine whether any component, including secure player 200, itself, is being 
15 tampered with, or otherwise associated with an unauthorized activity. In one 

embodiment, tamper detection & response protection device 220 operates at least at a 
FIPS security level 3. 

Tamper agent 220 may provide a response based on the results of its 
monitoring. Such responses may include directing the erasing or otherwise disabling 
20 the secure content, locking secure player 200 from an operation, erasing of secure 

player's public/private keys, screener keys, content keys, and the like, and reporting the 
detected unauthorized activity. 

FIGURE 3 illustrates one embodiment of a content stream for providing 
secure content. Content stream 300 is only one example of a suitable stream of content 
25 and is not intended to suggest any limitation as to the scope of use or functionality of 
the present invention. Thus, other well-known structures and configurations may be 
employed without departing from the scope of the present invention. 

As shown in the figure, content unit stream 300 includes content units 
301, 303-306, and key package 302. Although, only one key package (302) is 
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illustrated, it is noted that content stream 300 may include virtually any number of key 
packages. 

' Content units 301 , and 303-306 may include a variety of content formats. 
For example, content may be formatted employing Motion Pictures Expert Group 
5 (MPEG) format. Content units 301, and 303-306 are not limited to MPEG content 
formats, and other content formats, including JPEG formats, MP3 formats, and the like, 
may be employed without departing from scope or spirit of the present invention. 
However, the MPEG format is employed herein as an example and for ease of 
illustration. 

10 Briefly, MPEG is an encoding and compression standard for digital 

broadcast content. MPEG provides compression support for television quality 
transmission of video broadcast content. Moreover, MPEG provides for compressed 
audio, control, and even user broadcast content. 

MPEG content streams include packetized elementary streams (PES), 

15 which typically include fixed (or variable sized) blocks or frames of an integral number 
of elementary streams (ES) access units. An ES typically is a basic component of an - 
MPEG content stream, and includes digital control data, digital audio, digital video, and 
other digital content (synchronous or asynchronous). A group of tightly coupled PES 
packets referenced to substantially the same time base comprises an MPEG program 

20 stream (PS). Each PES packet also may be broken into fixed-sized transport packet 
known as MPEG Transport Streams (TS) that form a general-purpose approach of 
combining one or more content streams, possible including independent time bases. 
Moreover, MPEG frames include intra-frames (I-firames), forward predicted frames (P- 
frames), and bi-directional predicted frames (B-fi-ames). 

25 Content units 301 , and 303-306 each may include a portion of the 

content stream that is partitioned into units of data based on a variety of criteria. For 
example, content units 301, and 303-306 may include portions of data extracted from 
the video elementary stream (ES), the audio ES, the digital data ES, and any 
combination of video, audio, data elementary streams of the content stream. For 

30 example, content units 301, and 303-306 may be composed of ten second portions of a 
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video ES. Moreover, content units 301, and 303-306 need not include the same length, 
density, and the like, of content from the content stream. 

Content units 301, and 303-306 may be selectively encrypted using one 
or more content keys. That is, content units 301 and 303 may be encrypted, while 
5 content units 304-306 are left in the clear. Additionally, encryption may be selectively 
applied to at least a portion of the video elementary stream (ES), the audio ES, the 
digital data ES, and any combination and any portion of video, audio, data elementary 
streams that comprise content stream 300. Selective encryption may further include 
selectively encrypting at least a portion of an I-frame, P-frame, B-frame, and any 

10 combination of P, B, and I frames. 

Key package 302 may include one or more content keys used to encrypt 
content units, and a content identifier associated with a content stream 300. The key 
package 302 may also include access constraints, entitlements, and the like, associated 
with content stream 300. Key package 302 may further include synchronization 

1 5 information that indicates which content key is associated with which content unit (30 1 , 
302-306) of content stream 300. 

Key package 302 may be encrypted employing a targeted secure player's 
public/private key. In one embodiment, the targeted secure player's public/private keys 
are generated in a FIPS level 4 device. However, the present invention is not so limited, 

20 and lower security levels may be employed to generate the target secure player's 

public/private keys. In one embodiment, key package 302 is left in the clear, and only 
the content key(s) are encrypted with the targeted secure player's public/private key. 

Generalized Operation 

25 The operation of certain aspects of the present invention will now be 

described with respect to FIGURES 4-6. 

FIGURE 4 illustrates a flow diagram generally showing one embodiment 
for an end-to-end process of providing and viewing secure content. Process 400 may 
operate, for example, within operating environment 100 in FIGURE 1. 

13 



Process 400 begins, after a start block, at block 402. Block 402 is 
described in more detail below in conjunction with FIGURE 5. Briefly, however, at 
block 402 secure content is created, by selectively encrypting at least one content unit 
within a content stream. The selective content unit is encrypted employing at least one 
5 content key. The employed content key(s), along with additional information, may be 
further encrypted and embedded within the content stream. The modified content 
stream is transferred to a content media, such as content media 1 12 in FIGURE 1 . 

Processing proceeds to block 404 where the content media and key 
package are distributed to a user, such as user(s) 1 14 in FIGURE 1. The content media 

10 may be distributed employing a variety of mechanisms, including mail, and the like. 
The screener key module may include a memory stick, a smart card, a DVD, disk, tape, 
and the like. The screener key module may be distributed to the user through a different 
distribution mechanism than employed for the content media. The screener key module 
may be distributed, for example, by employing the hard media described above, by 

1 5 transmission over a network, by mail, and by a variety of other distribution 
mechanisms. 

Processing continues to block 406, which is described in more detail 
below in conjunction with FIGURE 6. Briefly, however, at block 406, a secure player, 
together with the screener key module, and an identity module, are employed to decrypt 
20 and view the content stream located on the content media. Upon completion of the 
actions at block 406, processing retums to processing other actions. 

FIGURE 5 illustrates a flow diagram generally showing one embodiment 
for a process of generating secure content. Process 500 may operate, for example, 
within operating environment 100 in FIGURE 1. 
25 Process 500 begins, after a start block, at block 502, where a stream of 

content units is created. A content owner, producer, and the like, may create the stream 
of content units, by subdividing a content stream into units of data based on a variety of 
criteria, as described above in conjxmction with FIGURE 3. 

Processing proceeds to block 504, where at least one content key is 
30 generated. A content key may be generated employing any of a number of 
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encryption/decryption symmetric mechanisms, including, but not limited to Advanced 
Encryption Standard (AES), RSA, RC6, IDEA, DES, RC2, RC5, Skipjack, and any 
other symmetric encryption algorithm. Moreover, such encryption algorithms may use, 
where appropriate, cipher block chaining mode, cipher feedback mode, CBC cipher text 
5 stealing (CTS), CFB, OFB, counter mode, and/or any other block mode. In one 
embodiment, content keys are generated employing an at least 128 bit AES 
encryption/decryption algorithm. However, content key generation is not limited to 
symmetric key mechanisms, and asymmetric key mechanisms may also be employed 
without departing from the scope of the present invention. 

10 Processing continues to block 506, where at least one content key is 

employed to selectively encrypt a content unit in the content stream. Selective 
encryption may include selecting a content unit at random in the content stream for 
encryption, selecting every N/th content unit in the content stream, and the like. 
Selective encryption may also include selectively encrypting at least a portion of the 

1 5 content unit, such as at least a portion the video elementary stream (ES), the audio ES, 
the digital data ES, and any combination of video, audio, data elementary streams in the 
content unit. Selective encryption may further include encrypting a frame in the content 
unit, such as the I-frame, P-frame, B-frame, and any combination of P, B, and I frames 
of the content unit. 

20 Moreover, selective encryption may fixrther include varying the content 

key employed to encrypt selected content xmits. For example, in one embodiment, a set 
of content keys is rotated through on some basis, such as every ten seconds, to encrypt 
the content units. 

Processing next proceeds to block 508, where a screener key module is 
25 created. The screener key module may include a content identifier associated with the 
content and a screener key. The screener key module may also include entitlements, 
rights and the like associated with the content. Moreover, the screener key may be 
encrypted employing a public/private key that is bound to the targeted secure player. 

Processing continues to block 510, where a key package is created. The 
30 key package may include at least one content key, a content identifier associated with 
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the content, access constraints, entitlements, and the like, substantially as described 
above in conjxinction with FIGURE 3. In one embodiment, the at least one content key 
is encrypted using the screener key. In another embodiment, the key package is 
encrypted. In still another embodiment, the content identifier associated with the 
5 content remains unencrypted. 

Processing continues to block 512, where the key package is embedded 
into the content xmit stream. Processing proceeds to block 514, where the modified 
content units are written to a content media, such as a DVD, high definition DVD, and 
the like. Upon completion of block 514, processing returns to perform other actions. 
10 It is understood that several blocks of FIGURE 5 can be implemented in 

a different sequence, combination of sequences, and the like, without departing from the 
scope or spirit of the present invention. For example, block 506 may be performed 
prior to, or even in combination with, block 504. 

FIGURES 6A-6B illustrate a flow diagram generally shoving one 
15 embodiment for a process of viewing secure content. Process 600 may operate, for 
example, within secure player 200 of FIGURE 2. 

Process 600 begins, after a start block, at block 602, where a content unit 
is read from a content media. Processing proceeds to decision block 604, where a 
determination is made whether the read content unit is encrypted. If it is determined 
20 that the read content unit is encrypted, processing branches to block 610; otherwise, 
processing branches to block 606. 

At block 610, a key package is extracted from the content stream on the 
content media. Processing continues to block 614, where a content identifier is 
extracted from the key package. In one embodiment, the content identifier is already 
25 "in the clear." Processing proceeds to block 616, where the content identifier is 
employed as an index to locate a screener key associated with the secure content. 

Processing continues to decision block 618, where a determination is 
made whether a screener key associated vnth the content identifier is located in an 
existing database, file, directory, and the like, of existing screener keys. If a screener 
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key is not located, processing branches to block 620; otherwise, processing branches to 

decision block 626. 

At block 620, a request is made to obtain a user identity for authorizing 

access to a screener key module. The request may require entering a user 
5 name/password, a biometric entry, and the like. In one embodiment, the request may 

require the user to insert a smart card that includes an identification key. Processing 

continues to decision block 622, where a determination is made whether the received 

identity is valid. If the received identity is valid, processing branches to block 624; 

otherwise, processing returns to perform other actions. In one embodiment, such other 
10 actions, may include, but is not limited to, enabling the user to attempt to re-enter a 

valid identity, erasing the content media, locking the user from access of the content 

media, and the like. 

At block 624, the valid user identity is employed to enable access to the 

screener key located on a screener key module. Processing continues to decision block 
15 626. 

At decision block 626, a determination is made whether the validated 
user has appropriate access rights, entitlements, and the like, to the content unit. If so, 
processing branches to block 628; otherwise, processing returns to perform other 
actions, such as described above, at decision block 622. 

20 At block 628, the screener key is decrypted using the private key that is 

bound to the targeted secure player. Processing continues to block 630, where the 
decrypted screener key is employed to decrypt the content key. In one embodiment, the 
decrypted screener key is employed to decrypt the key package and extract the content 
key. Processing continues to block 632, where the decrypted content key is employed 

25 to decrypt the encrypted content unit. Processing continues to block 606. 

At block 606, a CODEC is employed to decompress the current content 
unit. Processing then proceeds to block 608, where the decompressed content is 
provided to a device, such as a television, and the like, for user enjoyment. In one 
embodiment, at block 608, the decompressed content is fiirther copy protected. Thus, 

30 the decompressed content may be passed through an optional anticopy protection 
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device, prior to forwarding the decompressed content. Upon completion of the actions 
at block 608, the process returns to performing other actions. 

It will be understood that each block of the flowchart illustration, and 
combinations of blocks in the flowchart illustration, can be implemented by computer 
program instructions. These program instructions may be provided to a processor to 
produce a machine, such that the instructions, which execute on the processor, create 
means for implementing the actions specified in the flowchart block or blocks. The 
computer program instructions may be executed by a processor to cause a series of 
operational steps to be performed by the processor to produce a computer implemented 
process such that the instructions, which execute on the processor provide steps for 
implementing the actions specified in the flowchart block or blocks. 

Accordingly, blocks of the flowchart illustration support combinations of 
means for performing the specified actions, combinations of steps for performing the 
specified actions and program instruction means for performing the specified actions. It 
will also be understood that each block of the flowchart illustration, and combinations 
of blocks in the flowchart illustration, can be implemented by special purpose 
hardware-based systems which perform the specified actions or steps, or combinations 
of special purpose hardware and computer instructions. 

The above specification, examples, and data provide a complete 
description of the manufacture and use of the composition of the invention. Since many 
embodiments of the invention can be made without departing firom the spirit and scope 
of the invention, the invention resides in the claims hereinafter appended. 
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